fail2ban filter for WordPress (wp-login) attempts

Discussion in 'Tips/Tricks/Mods' started by hyppoCom, Sep 28, 2023.

  1. hyppoCom

    hyppoCom New Member

    I created a filter for fail2ban to mitigate WordPress brute-force attacks.

    /etc/fail2ban/filter.d/wp-login.conf
    Code:
    # Fail2Ban filter for Wordpress login attempts
    # ISPConfig log version (/var/log/apache2/other_vhosts_access.log)
    # Test with:
    # fail2ban-regex /var/log/apache2/other_vhosts_access.log  /etc/fail2ban/filter.d/wp-login.conf /etc/fail2ban/filter.d/wp-login.conf
    #
    [Definition]
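    # Anchored on the "vhost:port client-IP" fields that start each line; the
    # request must be the first quoted field on the line.
    failregex = ^\S+:\d+ <HOST> [^"]*"POST /wp-login\.php HTTP/[^"]*"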
    ignoreregex =
    
    Tell fail2ban to use the filter with
    /etc/fail2ban/jail.d/wp-login.conf (you can change this name as you prefer)
    Code:
    [wp-login]
    enabled  = true
    filter   = wp-login
    logpath  = /var/log/apache2/other_vhosts_access.log
    maxretry = 3
    findtime = 180
    bantime  = 600
    port     = http,https
    
    To remember:
    findtime is the time within which the attempts should occur to be marked as brute-forcing
    bantime is the time to ban the IP
     
    ArnOS, KaBy, onastvar and 1 other person like this.
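
Added example (not part of the original post and not fail2ban's own code): a simplified Python model of how the filter above and the jail's maxretry/findtime values decide a ban, run over constructed log lines in the vhost_combined layout of other_vhosts_access.log. The named group standing in for `<HOST>`, the helper names and the sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Assumption: Python rendering of the filter's failregex; fail2ban's <HOST>
# tag is approximated by a named group matching an IPv4/IPv6 literal.
FAILREGEX = re.compile(
    r'^\S+:\d+ (?P<host>[0-9A-Fa-f:.]+) [^"]*"POST /wp-login\.php HTTP/[^"]*"')
TIMESTAMP = re.compile(r'\[([^\]]+)\]')
MAXRETRY, FINDTIME = 3, 180  # values from the jail on this page

def banned_hosts(lines, maxretry=MAXRETRY, findtime=FINDTIME):
    """Return hosts that reach maxretry matches inside a findtime-second window."""
    recent = defaultdict(deque)  # host -> timestamps of its recent matches
    banned = []
    for line in lines:
        hit = FAILREGEX.search(line)
        stamp = TIMESTAMP.search(line)
        if not hit or not stamp:
            continue
        host = hit.group("host")
        when = datetime.strptime(stamp.group(1), "%d/%b/%Y:%H:%M:%S %z")
        window = recent[host]
        window.append(when)
        # Forget matches older than findtime relative to the newest one.
        while (when - window[0]).total_seconds() > findtime:
            window.popleft()
        if len(window) >= maxretry and host not in banned:
            banned.append(host)
    return banned

def _line(ip, hhmmss, request, status):
    """Build one constructed log line (documentation IP ranges only)."""
    return (f'blog.example.com:443 {ip} - - [28/Sep/2023:{hhmmss} +0200] '
            f'"{request}" {status} 1200 "-" "Mozilla/5.0"')

# Constructed sample log, not taken from a real server.
SAMPLE_LOG = [
    _line("203.0.113.10", "10:00:00", "POST /wp-login.php HTTP/1.1", 200),
    _line("203.0.113.10", "10:00:40", "POST /wp-login.php HTTP/1.1", 200),
    _line("198.51.100.7", "10:00:50", "GET /wp-login.php HTTP/1.1", 200),
    _line("203.0.113.10", "10:01:30", "POST /wp-login.php HTTP/1.1", 200),
    _line("192.0.2.44", "10:00:00", "POST /wp-login.php HTTP/1.1", 200),
    _line("192.0.2.44", "10:02:00", "POST /wp-login.php HTTP/1.1", 200),
    _line("192.0.2.44", "10:04:00", "POST /wp-login.php HTTP/1.1", 302),
]

if __name__ == "__main__":
    print(banned_hosts(SAMPLE_LOG))
```

The regex stops at the closing quote of the request and never looks at the status code, so a successful login (the 302 line) counts toward maxretry just like a failed one. Three POSTs spread over four minutes stay under the ban threshold with findtime = 180, while three within 90 seconds do not.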
